Re: [Vserver] problems shuting down vserver with the same IP of the host
> the point here is, if you tell the tools to create _and_
> remove the ip on startup and shutdown, they will do so.

but I didn't tell the tools to create and especially remove anything...

> now for the syntax and/or changes to the config:
> 'dev' = eth0 definitely means: please create that ip

why 'dev'= eth0, why eth0? is eth0 hardcoded? Does it mean anything?
Why 'dev', when it seems to mean something else, AND it used to mean something else in previous versions.

> 'nodev' definitely means, don't create that ip

Well, where is the option to 'create but not remove that ip'?

I can't believe you're arguing about this, this is a simple fix, and you're arguing 'no, we did it like this, and it works like this, and although no one expects it, it's a feature not a bug'.

C'mon, people are using this, try not to hurt them too much.

--
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
Total Existance Failure
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problems shuting down vserver with the same IP of the host
On Tue, Apr 04, 2006 at 07:35:09PM +0200, eyck wrote:
> > > echo "200.55.194.24" > /etc/vservers/geekzone/interfaces/0/ip
> > > echo "29" > /etc/vservers/geekzone/interfaces/0/prefix
> > You forgot to touch /etc/vservers/geekzone/interfaces/0/nodev so the
> > vserver script will try to add and remove that address.
> Is it impossible for vserver scripts to try and avoid such situation?
> This is not the first person complaining about this... and this is
> akin to re-formatting all your hard drives because you chose wrong font
> color behaviour...especially for remotely hosted vservers... ..and
> it's not exactly well-documented... and even if it was, not fixing
> your bugs just because you described them somewhere is not an excuse.

ahem, well, if you put an 'ifconfig eth0 down' into rc.local
it will also shutdown your eth0 interface, no?

the point here is, if you tell the tools to create _and_
remove the ip on startup and shutdown, they will do so.
period.

now for the syntax and/or changes to the config:

'dev' = eth0 definitely means: please create that ip
'nodev' definitely means, don't create that ip

neither dev nor nodev should probably give an error
(no idea what it currently does)

and of course, you might create a wiki page explaining
the stuff (but please check that it doesn't already
exist)

best,
Herbert
Re: [Vserver] nfs mount
On Tuesday 04 April 2006 18:40, Herbert Poetzl wrote:
> On Tue, Apr 04, 2006 at 01:27:43PM +0200, Albert Shih wrote:
> > Hi all
> >
> > I want my guest (yes the guest) to mount some nfs partition from my central
> > NFS server.
> >
> > When I try this I got this message
> >
> > mount: permission denied
>
> you are very likely missing the secure_mount and
> binary_mount context capabilities for your guest,
> (see http://linux-vserver.org/Caps+and+Flags)

Just to be sure (personally, I don't use NFS inside a guest), I tried that :

[EMAIL PROTECTED] ~]# cat /etc/vservers/esup-test/ccapabilities
BINARY_MOUNT
SECURE_MOUNT
[EMAIL PROTECTED] ~]# cat /proc/virtual/206/status
UseCnt: 48
Tasks: 24
Flags: 0002020f0010
BCaps: 344c04ff
CCaps: 00050101
Ticks: 0
[EMAIL PROTECTED] ~]# vserver esup-test enter
[EMAIL PROTECTED] /]# mount auth:/usr/local/dataprotector /tmp/a
mount: permission denied

Ethereal shows my NFS server responding with "Status: OK". I can mount the share, exported to '*(ro,no_root_squash,insecure)', on the host.

Are there other requisites ?

If I give the SYS_ADMIN capability, it works (but of course, I don't want that ;-) Even "vattribute --bcap 0x --ccap 0x" is not enough ...

[EMAIL PROTECTED] ~]# vserver-info
Versions:
Kernel: 2.6.12.4-vs2.0-redhat
VS-API: 0x00020001
util-vserver: 0.30.208; Sep 20 2005, 19:04:20

The same occurs on another host :

[EMAIL PROTECTED] ~]# vserver-info
Versions:
Kernel: 2.6.14.6-vs2.1.0-www
VS-API: 0x00020001
util-vserver: 0.30.210; Feb 16 2006, 11:23:06

> > What's wrong ?
> >
> > I've googled and some messages tell me that's not really a good idea to do
> > this because the guest can make new /dev. But I «don't care» because I
> > need nfs (home-dir).
>
> well, that's not the problem, secure_mount will
> take care of that by adding the nodev option,
> but still, if the server goes away, your host
> will experience timeouts, so it should be a
> trusted scenario for the guests ...
>
> HTH,
> Herbert
>
> > Any one can help me ?
> >
> > Regards.

--
Xavier Montagutelli                      Tel : +33 (0)5 55 45 77 20
Service Commun Informatique              Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
[Vserver] [x86] 2.6.16-vs2.0.2-rc15 works with FC5
4tr:

-- snip --
# ./testme.sh -Lv
Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl
chcontext is working.
chbind is working.
chcontext 0.30.210 -- allocates/enters a security context
This program is part of util-vserver 0.30.210

Copyright (C) 2004 Enrico Scholz
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.

Linux 2.6.16-vs2.0.2-rc15 #1 Tue Apr 4 14:09:42 CEST 2006 i686
Ea 0.30.210 273/glibc (DSa)
VCI: 0002:0001 273 0376 (TbLgnP)
([EMAIL PROTECTED]) (gcc-Version 4.1.0 20060304 (Red Hat 4.1.0-3)) #1 Tue Apr 4 14:09:42 CEST 2006
---
[000]# chcontext true && chcontext --xid 45678 true
[000]# succeeded.
[001]# chcontext --xid 45678 egrep 'context|VxID' /proc/self/status
[001]# succeeded.
[011]# chcontext --secure --xid 45678 mknod /tmp/testme.sh.y28240/node c 0 0
[011]# succeeded.
[031]# chcontext --hostname zaphod.28237 uname -a | grep -q zaphod.28237
[031]# succeeded.
[101]# chbind --ip 192.168.0.42 true
[101]# succeeded.
[102]# chbind --ip 192.168.0.1/255.255.255.0 --ip 10.0.0.1/24 true
[102]# succeeded.
[201]# chcontext --xid 45678 --flag fakeinit bash -c 'test $$ -eq 1'
[201]# succeeded.
[202]# chcontext --flag fakeinit bash -c 'test $$ -eq 1'
[202]# succeeded.
---
[L01]# chcontext --xid 45601 bash -c 'true &'
[L01]# succeeded.
[D01]# chcontext bash -c 'true &'
[D01]# succeeded.
[L02]# chcontext --xid 45602 bash -c 'true | true'
[L02]# succeeded.
[D02]# chcontext bash -c 'true | true'
[D02]# succeeded.
[L03]# chcontext --xid 45603 bash -c 'true & true'
[L03]# succeeded.
[D03]# chcontext bash -c 'true & true'
[D03]# succeeded.
[L11]# chcontext --xid 45611 bash -c 'true >/dev/null' /dev/null' /dev/null
[L12]# succeeded.
[D12]# chcontext bash -c 'true /dev/null
[D12]# succeeded.
[L21]# chcontext --xid 45621 bash -c 'bash -c "true &"&'
[L21]# succeeded.
[D21]# chcontext bash -c 'bash -c "true &"&'
[D21]# succeeded.
[L22]# chcontext --xid 45622 bash -c 'bash -c "false | true &"&'
[L22]# succeeded.
[D22]# chcontext bash -c 'bash -c "false | true &"&'
[D22]# succeeded.
[L31]# chcontext --xid 45631 bash -c 'echo `ls`'
[L31]# succeeded.
[D31]# chcontext bash -c 'echo `ls`'
[D31]# succeeded.
-- snap --

--
regards 'n greez,

Guenther Fuchs
(aka "muh" and "powerfox")
Re: [Vserver] vattribute resets bcapabilities ?
On Tuesday 04 April 2006 18:25, Daniel Hokka Zakrisson wrote:
> Xavier Montagutelli wrote:
> >
>
> https://savannah.nongnu.org/patch/?func=detailitem&item_id=4968

Thank you. It's exactly what I had in mind. I never think about looking at this site, I'll do better in the future.

--
Xavier Montagutelli                      Tel : +33 (0)5 55 45 77 20
Service Commun Informatique              Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
Re: [Vserver] problems shuting down vserver with the same IP of the host
> > echo "200.55.194.24" > /etc/vservers/geekzone/interfaces/0/ip
> > echo "29" > /etc/vservers/geekzone/interfaces/0/prefix
> You forgot to touch /etc/vservers/geekzone/interfaces/0/nodev so the
> vserver script will try to add and remove that address.

Is it impossible for vserver scripts to try and avoid such situation?
This is not the first person complaining about this... and this is akin to re-formatting all your hard drives because you chose wrong font color behaviour...especially for remotely hosted vservers...

..and it's not exactly well-documented... and even if it was, not fixing your bugs just because you described them somewhere is not an excuse.

--
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
Total Existance Failure
Re: [Vserver] problems shuting down vserver with the same IP of the host
Daniel Ortiz wrote:
> echo "200.55.194.24" > /etc/vservers/geekzone/interfaces/0/ip
> echo "29" > /etc/vservers/geekzone/interfaces/0/prefix

You forgot to touch /etc/vservers/geekzone/interfaces/0/nodev so the
vserver script will try to add and remove that address.

--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
[Vserver] problems shuting down vserver with the same IP of the host
Hi

First my host configuration

Debian Sarge

uname -a
Linux debian 2.6.14.7-vs2.1.0-grsec-2.1.9 #1 PREEMPT Thu Mar 2 13:59:25 CLST 2006 i686 GNU/Linux

When I create a vserver (name of vserver = geekzone) with a private IP (192.168.1.2/24) I have no problem with start and stop of the vserver, and the vserver works fine …

After that I stop the vserver

vserver geekzone stop

and change the net configuration of the vserver with:

echo "200.55.194.24" > /etc/vservers/geekzone/interfaces/0/ip
echo "29" > /etc/vservers/geekzone/interfaces/0/prefix

(200.55.194.54/29 is the public IP of the host machine)

When I restart the vserver

vserver geekzone start
RTNETLINK answers: File exists
Starting system log daemon: syslogd.
Starting kernel log daemon: klogd.
Starting MTA: exim4.
Starting internet superserver: inetd.
Starting deferred execution scheduler: atd.
Starting periodic command scheduler: cron.

And when I stop the vserver

vserver geekzone stop
Stopping periodic command scheduler: cron.
Stopping MTA: exim4.
Stopping internet superserver: inetd.
Saving the System Clock time to the Hardware Clock...
hwclock is unable to get I/O port access: the iopl(3) call failed.
Hardware Clock updated to Tue Jan 10 20:43:27 CLST 2006.
Stopping deferred execution scheduler: atd.
Stopping kernel log daemon: klogd.
Stopping system log daemon: syslogd.
Sending all processes the TERM signal...done.
Sending all processes the KILL signal...done.
Saving random seed...done.
Unmounting remote and non-toplevel virtual filesystems...done.
Deconfiguring network interfaces...done.
Cleaning up ifupdown...done.
Deactivating swap...umount: none: not found
umount: /tmp: must be superuser to umount
Not superuser.
done.
Unmounting local filesystems...umount: none: not found
umount: /tmp: must be superuser to umount
umount: /dev/hdv1: not found
umount: /: not mounted
done.
mount: permission denied
Rebooting...
ifdown: shutdown eth0: Permission denied

After that, all the system shuts down (vserver and host). I need to do a vserver that listens on the same public IP as the host but I don't know how I can resolve this inconvenience.

Any suggestions welcome

Thanks in advance

Daniel Ortiz
Re: [Vserver] nfs mount
On Tue, Apr 04, 2006 at 01:27:43PM +0200, Albert Shih wrote:
> Hi all
>
> I want my guest (yes the guest) to mount some nfs partition from my central
> NFS server.
>
> When I try this I got this message
>
> mount: permission denied

you are very likely missing the secure_mount and
binary_mount context capabilities for your guest,
(see http://linux-vserver.org/Caps+and+Flags)

> What's wrong ?
>
> I've googled and some messages tell me that's not really a good idea to do
> this because the guest can make new /dev. But I «don't care» because I
> need nfs (home-dir).

well, that's not the problem, secure_mount will
take care of that by adding the nodev option,
but still, if the server goes away, your host
will experience timeouts, so it should be a
trusted scenario for the guests ...

HTH,
Herbert

> Any one can help me ?
>
> Regards.
Re: [Vserver] vattribute resets bcapabilities ?
Xavier Montagutelli wrote:

https://savannah.nongnu.org/patch/?func=detailitem&item_id=4968

--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
Re: [Vserver] ACLs on root filesystem in vserver
On Tue, Apr 04, 2006 at 11:37:17AM +0200, January Weiner wrote:
> Hi there,
>
> > usually the 'guest' filesystem is already mounted
> > on the host, so if you have it mounted with acl,
> > the acls will be used inside and outside the guest
>
> Strange things happen. I created a new server, and the ACLs worked.
> Beside, I'm pretty sure that at a certain point of time the ACLs
> worked on the first server as well. I do not know what went wrong.
> If you want me to debug this problem, write me an e-mail, otherwise -
> the matter is closed for me.

well, let's handle it like this: if you encounter
any issues or strange behaviour, please come back
and report asap, as long as everything works fine
it's probably not worth debugging it further

thanks,
Herbert

> Regards,
>
> January
[Vserver] vattribute resets bcapabilities ?
I try the "vattribute" command on a running vserver to change context capabilities :

[EMAIL PROTECTED] ~]# grep Caps /proc/virtual/500/status
BCaps: 344c04ff
CCaps: 0101
[EMAIL PROTECTED] ~]# vattribute --ccap SECURE_MOUNT --xid 500
[EMAIL PROTECTED] ~]# grep Caps /proc/virtual/500/status
BCaps:
CCaps: 00010101

It resets the native linux capabilities.

From the sources, the kernel system call "vc_set_ccaps" can only reduce the bcaps ; as the "bcaps" transmitted by vattribute is zero, it gets this value.

Perhaps the "bcaps" member, in vattribute.c, should be computed respectively to the "--bcaps" argument requiring a decrease of bcaps before calling "vc_set_ccaps", in the case of an existing context ?

The present behaviour is a bit disturbing, as we have to add something like "--bcap 0x" to leave it untouched.

PS : the --help has a little bug (0.30.210) :

[EMAIL PROTECTED] ~]# vattribute --help
--cap ... context capability to be added

==> --ccap

--
Xavier Montagutelli                      Tel : +33 (0)5 55 45 77 20
Service Commun Informatique              Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
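
Added example, not part of the original post and not util-vserver code: a small shell helper that decodes the BCaps hex mask from /proc/virtual/<xid>/status into Linux capability names and lists which ones disappear between two snapshots, which is how the reset described above can be spotted after running vattribute. The function names and the snapshots are constructed; the all-zero "after" BCaps is an assumption taken from the poster's statement that the bcaps passed by vattribute is zero.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: decode BCaps masks taken from
# /proc/virtual/<xid>/status and report capabilities lost between snapshots.

# Linux capability names by bit number 0..30 (2.6-era <linux/capability.h>).
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL"

# Constructed snapshots. The "before" BCaps value is the one quoted in the
# thread; the all-zero "after" value is an assumption based on the poster's
# statement that the bcaps passed by vattribute is zero.
BEFORE='BCaps: 344c04ff
CCaps: 00000101'
AFTER='BCaps: 00000000
CCaps: 00010101'

# status_field NAME: read status text on stdin, print the hex value of NAME.
status_field() {
    awk -v key="$1:" '$1 == key { print $2 }'
}

# cap_names HEXMASK: print the names of the set bits, space separated.
cap_names() {
    mask=$((0x${1:-0})); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# has_cap HEXMASK NAME: succeed if capability NAME is set in the mask.
has_cap() {
    case " $(cap_names "$1") " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# dropped_caps OLDMASK NEWMASK: names set in OLDMASK but cleared in NEWMASK.
dropped_caps() {
    cap_names "$(printf '%x' $(( 0x${1:-0} & ~0x${2:-0} & 0xffffffff )))"
}

old=$(printf '%s\n' "$BEFORE" | status_field BCaps)
new=$(printf '%s\n' "$AFTER" | status_field BCaps)
echo "before: $(cap_names "$old")"
echo "lost:   $(dropped_caps "$old" "$new")"
has_cap "$old" SYS_ADMIN || echo "CAP_SYS_ADMIN is not in $old"
```

On a live host the snapshots would come from reading /proc/virtual/<xid>/status before and after the vattribute call instead of the embedded strings.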
[Vserver] nfs mount
Hi all

I want my guest (yes the guest) to mount some nfs partition from my central NFS server.

When I try this I got this message

mount: permission denied

What's wrong ?

I've googled and some messages tell me that's not really a good idea to do this because the guest can make new /dev. But I «don't care» because I need nfs (home-dir).

Any one can help me ?

Regards.

--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7 ième étage, plateau D, bureau 10
Heure local/Local time:
Tue Apr 4 13:25:36 CEST 2006
Re: [Vserver] problem with apt-get
Peter Mann wrote:
> > So I have a question is the kernel-image package needed on the client side ??
>
> no

Good News ...

> > If not, how to remove it and how clean the apt-get history ?
>
> apt-get remove --purge kernel-image-2.4.27-2-686 kernel-image-2.6.8-2-386

Thank you very much !

> you can remove more packages - look at debian newvserver script and
> REMOVE_PACKAGES and REMOVE_SCRIPTS ...

I will do that !

> how you created your vserver guest???

It is a professional hosting service... I don't make anything, I receive it ready to work with an ssh account. I just add some servers like postfix, courier-pop, apache, ...

Thanks,

Geoffroy Culot
Re: [Vserver] ACLs on root filesystem in vserver
Hi there,

> usually the 'guest' filesystem is already mounted
> on the host, so if you have it mounted with acl,
> the acls will be used inside and outside the guest

Strange things happen. I created a new server, and the ACLs worked. Beside, I'm pretty sure that at a certain point of time the ACLs worked on the first server as well. I do not know what went wrong. If you want me to debug this problem, write me an e-mail, otherwise - the matter is closed for me.

Regards,

January

--
January Weiner 3
Division of Bioinformatics, University of Muenster | Schloßplatz 4
(+49)(251)8321634                                  | D48149 Münster
http://www.uni-muenster.de/Biologie.Botanik/ebb/   | Germany
Re: [Vserver] ACLs on root filesystem in vserver
On Tue, Apr 04, 2006 at 08:44:57AM +0200, January Weiner wrote:
> > usually the 'guest' filesystem is already mounted
> > on the host, so if you have it mounted with acl,
> > the acls will be used inside and outside the guest
>
> Ummm, OK. Below you will find how it looks like on my system. But
> as a general question: how/where can I specify the mount options for
> the root filesystem of the vserver?
>
> ebbalanin:~# mount | grep acl
> /dev/hda1 on / type reiserfs (rw,acl,notail)
> ebbalanin:~# cat /etc/vservers/svnserver1/apps/init/mtab | grep acl
> /dev/hdv1 / ufs rw,acl 0 0
> ebbalanin:~# touch test ; setfacl -m u:root:rwx /tmp/test
> ebbalanin:~# vserver svnserver1 enter
> svnserver1:/# su -
> svnserver1:~# mount | grep acl
> /dev/hdv1 on / type ufs (rw,acl)
> svnserver1:~# touch /tmp/test ; setfacl -m u:root:rwx /tmp/test
> setfacl: /tmp/test: Operation not supported
>

But this works for me - setfacl and getfacl on /tmp/test inside vserver is working, when the filesystem containing the vservers is mounted with option "acl". I'm using kernel 2.6.15 + vserver patch-2.6.15-2.0.2rc13+ and my vservers reside on an ext3 filesystem.

Two suggestions:
* /tmp is probably mounted as tmpfs inside vserver - try another directory for your acl tests
* try ext3 instead of reiserfs

Greetings,
Gerald
Re: [Vserver] Host & guest
Hi there,

on Monday, April 3, 2006 at 11:58:19 AM there was posted:

AS> I've some strange problem with my guest.
AS> I've configured a vserver (the guest) with FC4 (the host too).
AS> On the guest (after vserver name enter) everything works.
AS> On the host everything works too.
AS> But if I make a ssh connection to the IP address of the
AS> Guest I'm logged into the Host.
AS> What's wrong with my install ?

Just 4 the records: This is why http://linux-vserver.org/VServer+installation+Fedora+Core+4#g6 states "ensure that each server instance binds only to its relating ip(s) to avoid annoying IP conflict" ;-)

--
regards 'n greez,

Guenther Fuchs
(aka "muh" and "powerfox")
Re: [Vserver] kde and ltsp on a guest
Hi Oliver,

> > If you get this up and running - I would appreciate to see your results
> > on the wiki or here on the list (have the same need but didn't spend any
> > efforts so long..)

I gave up trying vserver with LTSP. I needed to use portmap and 127.0.0.1

So I went back to Xen and discovered that at least some of my previous problems were hardware related.
I've since got ltsp/kde/xen working. There is still much room for improvement but here are my notes
http://www.gatopelao.org

Cheers
Chris.

On 3/4/06, Chris Fanning <[EMAIL PROTECTED]> wrote:
> Hi Oliver.
>
> > as all guest use the "original" kernel more or less directly, there is
> > almost no performance loss and even no networking latency
> ! :)
>
> > But you might run into problems regarding proper rights that X needs on
> > the kernel to run the graphics card - I am not that deep in the stuff to
> > give you adequate advise on this - but I think there are several people
> > here who can...
> I don't intend to run an X server on the host or guest servers, only
> on the terminals.
>
> > If you get this up and running - I would appreciate to see your results
> > on the wiki or here on the list (have the same need but didn't spend any
> > efforts so long..)
> it would be a pleasure.
>
> Chris.
>
> > --
> > This message was digitally signed
> > oliwel's public key: http://www.oliwel.de/oliwel.crt
> > Root certificate: http://www.ldv.ei.tum.de/page72